对于我的注册和登录视图,我收到此错误
CSRF verification failed. Request aborted.
You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.
If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for “same-origin” requests.
当我尝试访问端点时。我可以通过添加 csrf_exempt 装饰器来避免这种情况,但我担心发出 POST 请求 csrf-exempt 背后的安全隐患。我的注册端点将专门向我的数据库写入验证码(用户必须输入该验证码来验证其电子邮件)。有什么办法可以解决这个问题吗?
我很困惑,因为要获取 csrf 令牌,我必须首先调用 login(),但是如何在没有 csrf 令牌的情况下访问登录端点?
我创建了一个端点,让我可以按需生成 csrf 令牌,我在任何登录/注册端点之前首先调用该令牌。
from django.views.decorators.csrf import get_token, ensure_csrf_cookie
@ensure_csrf_cookie
def get_csrf_token(request):
csrf_token = get_token(request)
return JsonResponse({'csrf_token': csrf_token})